Trending Projects

Free and open-source BadUSB payloads for the Flipper Zero hacking device, supporting Windows, Linux, and iOS.

An open-source OSINT tool to find breached emails, databases, pastes, and other relevant information.

A tool for enumerating, escalating privileges, and escaping Docker containers through a suite of exploits.

This project allows you to create up to a thousand WiFi access points with custom SSIDs, useful for security testing.

A Go-based utility for penetration testing and network security, featuring DHCP, DNS, and other network spoofing capabilities.

This repository contains a collection of malware samples for analysis purposes, not for malicious use.

Collection of vulnerable PHP code snippets for security research and bug bounty hunting.

This is a collection of cybersecurity learning resources for beginners and enthusiasts.

A collection of awesome resources related to the Cobalt Strike security tool for red team activities.

A collection of tools, scripts, and resources for OSCP (Offensive Security Certified Professional) preparation and penetration testing.

A Python tool that can discover hidden IP addresses behind Cloudflare using misconfigured DNS and old database records.

Automatically brute force all services running on a target, useful for security researchers and bug bounty hunters.

A toolkit to attack Office365 using various security tools and techniques.

This repository contains course materials for learning modern binary exploitation techniques.

A vulnerable Windows & Linux kernel driver for security research and exploit development.

A tool to upload arbitrary data via Apple's Find My network, useful for security researchers and data exfiltration.

This is a Windows kernel and user mode emulation library for malware analysis, not a vibe coder tool.

This is a hacking tool for brute-forcing Instagram passwords, not a developer platform focused on vibe coders.

This repository provides resources and guidance for entry-level cybersecurity job seekers to build their skills.

A cloud security suite that audits the security posture of AWS, GCP, and Azure infrastructure.

A ready-to-go phishing platform built with JavaScript for malicious social engineering attacks.

Project Wycheproof tests crypto libraries against known attacks, helping developers improve security.

XSS'OR is a JavaScript-based hacking tool for security researchers and penetration testers.

A curated list of resources related to Industrial Control System (ICS) security.

Improve your security and privacy by blocking ads, tracking and malware domains.

A curated list of resources related to the security and compromise of locks, safes, and keys.

Nym is a decentralized, privacy-preserving network that enables anonymous transactions and strong network-level privacy.

A comprehensive collection of resources for building and operating a Security Operations Center (SOC)

A framework for quickly exploiting the Fastjson vulnerability in Java applications.

NetRipper is a PowerShell tool for penetration testing that allows smart traffic sniffing.

A Go-based CLI tool for testing web cache poisoning vulnerabilities.

A vulnerable Spring Boot web application for learning about the Log4Shell vulnerability (CVE-2021-44228).

This Go-based stealth redirector helps red team operations by providing OPSEC for C2 infrastructure.

A frida tool to dump dex in memory to support security engineers analyzing malware.

Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.

This repository provides a collection of hacking tools and backdoor generators for security research and penetration testing.

A demonstration of phishing by abusing the browser autofill feature.

A multi-threaded PDF password cracking utility with password format builders and dictionary attacks.

A set of SQL injection labs to test different types of SQL injection vulnerabilities.

A modular sysmon configuration repository for security monitoring and threat hunting.

A network monitoring and bandwidth limiting tool for developers without administrative access.

A proposed standard that allows websites to define security policies.

A Python library that makes it easy to pop remote shells and leverage penetration testing tools.

ScopeSentry is a comprehensive security tool for mapping cyberspace, enumerating subdomains, scanning ports, and identifying vulnerabilities.

A Nuclei plugin for Burp Suite, a popular web application security testing tool.

This is an advanced remote access trojan (RAT) written in Python that can be controlled through Discord.

An open-source CMS scanner that automates detection of security flaws in popular CMS platforms.

An open-source adversary emulation platform for security professionals to assess system vulnerabilities.

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang.

A Python-based utility to quickly access and launch various hacking tools for security professionals.